Oracle’s NetSuite SuiteCommerce Vulnerable to Data Exposure Flaw

Published:

spot_img

Addressing Potential Risk in NetSuite’s SuiteCommerce: Data Exposure Issue Discovered

Potential Data Exposure Issue Discovered in NetSuite’s SuiteCommerce Platform

Oracle’s NetSuite, a widely used ERP platform, offers businesses the ability to set up an external-facing store using SuiteCommerce or SiteBuilder. This feature streamlines e-commerce operations and back-office processes, enhancing efficiency and automation in order processing, fulfillment, and inventory management.

However, a recent investigation has revealed a potential security flaw in the SuiteCommerce platform that could leave sensitive data vulnerable to attackers. The issue stems from misconfigured access controls on custom record types (CRTs), which could allow unauthorized access to critical information.

Aaron Costello, Chief of SaaS Security Research at AppOmni, warns that thousands of live public SuiteCommerce websites could be at risk due to this oversight. He explains that organizations may unknowingly expose default stock websites, even if they have no intention of running an e-commerce store.

The most concerning aspect of this vulnerability is the exposure of personally identifiable information (PII) of registered customers, such as addresses and mobile phone numbers. Costello emphasizes that this is not a flaw in the NetSuite product itself but rather a consequence of improper access control configurations by customers.

To mitigate this risk, businesses are advised to review and adjust access controls on custom record types and restrict access to sensitive fields. NetSuite administrators should ensure that table-level access controls require custom record entries permission and set field-level access controls to “None” for public access.

In light of this discovery, organizations are urged to take proactive measures to secure their NetSuite environments and safeguard sensitive data from potential breaches. By addressing these vulnerabilities promptly, businesses can protect their customers’ information and maintain the integrity of their online operations.

spot_img

Related articles

Recent articles

Three Russians Charged in $62M Cybercrime Scheme Targeting U.S. Infrastructure

Three Russians Charged in $62M Cybercrime Scheme Targeting U.S. Infrastructure In a significant development in the fight against cybercrime, three Russian nationals have been indicted...

Middle East Transforms Event Security: Designed to Welcome, Engineered to Protect

Middle East Transforms Event Security: Designed to Welcome, Engineered to Protect In recent years, the Middle East has emerged as a pivotal hub for global...

AI Transitions from Assisting Cyberattacks to Executing Them: Annual Report Reveals Alarming Shift

AI Transitions from Assisting Cyberattacks to Executing Them: Annual Report Reveals Alarming Shift In a significant development for cybersecurity, Check Point Software has released its...

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape Securonix has announced the appointment of Toby Weiss as its new Chief...